[ 
https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16361748#comment-16361748
 ] 

Peng Xing commented on KYLIN-3197:
----------------------------------

Hi [~Aron.tao], thanks for you reply, and I understand your suggestion, so we 
should find a better method to resolve this issue, I will continue to analyze.
Besides, my user LDIF is as follows.

{code:java}
dn: dc=zdh,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: zdh.com
dc: zdh
structuralObjectClass: organization
entryUUID: b5eecc56-9462-1037-880c-e1d7152e775c
creatorsName: cn=LdapAdmin,dc=zdh,dc=com
createTimestamp: 20180123082527Z
entryCSN: 20180123082527.411783Z#000000#001#000000
modifiersName: cn=LdapAdmin,dc=zdh,dc=com
modifyTimestamp: 20180123082527Z
contextCSN: 20180126061232.673080Z#000000#001#000000

dn: ou=defaultCluster,dc=zdh,dc=com
ou: defaultCluster
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: f999602a-9466-1037-880d-e1d7152e775c
creatorsName: cn=LdapAdmin,dc=zdh,dc=com
createTimestamp: 20180123085558Z
entryCSN: 20180123085558.923946Z#000000#001#000000
modifiersName: cn=LdapAdmin,dc=zdh,dc=com
modifyTimestamp: 20180123085558Z

dn: ou=People,ou=defaultCluster,dc=zdh,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: f99a38b0-9466-1037-880e-e1d7152e775c
creatorsName: cn=LdapAdmin,dc=zdh,dc=com
createTimestamp: 20180123085558Z
entryCSN: 20180123085558.929482Z#000000#001#000000
modifiersName: cn=LdapAdmin,dc=zdh,dc=com
modifyTimestamp: 20180123085558Z

dn: ou=Group,ou=defaultCluster,dc=zdh,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: f99ad0ae-9466-1037-880f-e1d7152e775c
creatorsName: cn=LdapAdmin,dc=zdh,dc=com
createTimestamp: 20180123085558Z
entryCSN: 20180123085558.933381Z#000000#001#000000
modifiersName: cn=LdapAdmin,dc=zdh,dc=com
modifyTimestamp: 20180123085558Z

dn: cn=wkhGroup,ou=Group,ou=defaultCluster,dc=zdh,dc=com
objectClass: posixGroup
objectClass: top
cn: wkhGroup
gidNumber: 10000
structuralObjectClass: posixGroup
entryUUID: f99c7e72-9466-1037-8810-e1d7152e775c
creatorsName: cn=LdapAdmin,dc=zdh,dc=com
createTimestamp: 20180123085558Z
memberUid: wkh
memberUid: wkh1
memberUid: wkh2
memberUid: Wkh5
entryCSN: 20180124082044.774518Z#000000#001#000000
modifiersName: cn=LdapAdmin,dc=zdh,dc=com
modifyTimestamp: 20180124082044Z

dn: uid=wkh,ou=People,ou=defaultCluster,dc=zdh,dc=com
uid: wkh
cn: wkh
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
sn: wkh
userPassword:: d2toMTExMTEx
uidNumber: 10001
gidNumber: 10000
loginShell: /bin/bash
homeDirectory: /home/wkh
structuralObjectClass: inetOrgPerson
entryUUID: 12430982-9467-1037-8812-e1d7152e775c
creatorsName: cn=LdapAdmin,dc=zdh,dc=com
createTimestamp: 20180123085640Z
entryCSN: 20180123085640.301158Z#000000#001#000000
modifiersName: cn=LdapAdmin,dc=zdh,dc=com
modifyTimestamp: 20180123085640Z

{code}


> When ldap is opened, I use an ignored case user to login, the page does not 
> respond.
> ------------------------------------------------------------------------------------
>
>                 Key: KYLIN-3197
>                 URL: https://issues.apache.org/jira/browse/KYLIN-3197
>             Project: Kylin
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: v2.3.0
>            Reporter: Peng Xing
>            Assignee: Peng Xing
>            Priority: Major
>              Labels: patch
>             Fix For: Future
>
>         Attachments: 
> 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, 
> image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png, 
> image-2018-02-08-15-32-25-030.png, image-2018-02-08-15-33-07-277.png, 
> image-2018-02-08-15-33-54-480.png, image-2018-02-08-15-35-03-902.png, 
> image-2018-02-12-12-15-00-574.png, image-2018-02-12-12-15-28-826.png, 
> image-2018-02-12-12-15-39-132.png, image-2018-02-12-12-25-15-793.png
>
>
> When ldap is opened, I config the kylin.properties, and give wkhGroup the 
> admin permission.
> {code:java}
> ## Admin roles in LDAP, for ldap and saml
> kylin.security.acl.admin-role=wkhGroup
> {code}
> then I create a new user named 'wkh' whose group is 'wkhGroup', then I use 
> '{color:#ff0000}wkh{color}' to login in, which is normal.
>  But when I use '{color:#ff0000}WKH{color}' to login in, the page does not 
> respond.
>  I analyze the backgroud code, and find the function of 
> 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String,
>  String)' has problem.
>  When userDn is 
> "uid={color:#ff0000}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and 
> username is "{color:#ff0000}WKH{color}", then authorities will be empty Set 
> by the follow code:
> {code:java}
> Set<GrantedAuthority> authorities = super.getGroupMembershipRoles(userDn, 
> username);
> {code}
> So I have added 'getAdditionalRoles' function to get the authorities again.
>  I have test the patch, please review, thanks!



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to